Resilient
Introduction to Resilient

Overview

This course is designed to provide an initial introduction to Resilient Incident Response Program. It will help you understand how Resilient can be integrated in your environment and provide the tools to get started.



Agenda

  1. Introduction to Resilient
  2. How Resilient Aligns to your Organization
  3. Installing & Administering Resilient
  4. Developing Playbooks
  5. Resources and Support

1h      Foundational
Setting up alternative authentication mechanisms in the IBM Resilient appliance

Overview

This course covers several alternative mechanisms for authenticating users in the IBM Resilient product, including LDAP, SAML and two-factor authentication.




Agenda

  1. LDAP authentication
  2. SAML authentication configuration
  3. Two-factor authentication

Duration: 22 minutes

Closed captions: English, French, German, Spanish and Japanese

De En Es Fr Ja
22m      Intermediate
Managing logs in the IBM Resilient appliance

Overview

This course demonstrates how to manage logs in the IBM Resilient appliance. This includes how to configure logging, audit logging and syslog.




Agenda

  • 1. Log configuration
  • 2. Configuring audit logs
  • 3. Configuring syslog

Duration: 8 minutes

Closed captions: English, French, German, Spanish and Japanese

De En Es Fr Ja
8m      Intermediate
Working with Resilient workspaces

Overview

This course teaches how the IBM Resilient product uses workspaces. The course covers key workspace concepts, how to create them and how to delete them.



Agenda
  1. Workspace key concepts
  2. Create workspace
  3. Delete workspace
Duration: 7 minutes
Closed captions: English, French, German, Spanish and Japanese

De En Es Fr Ja
7m      Foundational
Resilient Rules and Workflows
NEW

This video demonstrates when and how to use rules and workflows configuration objects in Resilient to implement dynamic incident response playbooks.

Agenda

  • Introduction
  • When to use rules
  • When to use workflows
  • Summary

Duration: 11 minutes

11m      Foundational
Working with Resilient roles

Overview

This course will show you how to understand roles in the IBM Resilient product. A role is a specific set of permissions, which you can assign to users and groups. The Roles tab allows you to define and manage roles. You can assign multiple roles to a user, which gives the user a superset of all the permissions in the roles.The course demonstrates how to create and delete roles, describes the difference between global and workspace roles, which roles are predefined and explains how Resilient uses role categories.

De En Es Fr Ja
9m      Foundational
Common Resilient use cases

Overview

This course covers 4 common scenarios that demonstration of how the Resilient Incident Response Platform can be used to

  • Automate the escalation and collection of data
  • Manage a ransomware attack
  • Deal with a data breach involving an inside actor
  • Accelerate your Response to Phishing Attacks
Closed captions: English, French, German, Spanish and Japanese

De En Es Fr Ja
1h 1m      Foundational
Managing users and groups in Resilient

Overview

This course covers aspects of managing users and groups in IBM Resilient such as creating users using the Resilient user-interface or by using terminal commands and how to reassign incidents and tasks to a different user.



Agenda

  1. Creating a user using using the UI
  2. Creating a user using terminal commands
  3. Reassigning incidents and tasks
  4. Enabling LDAP authentication
  5. Enabling LDAP users in groups and deleting LDAP users
Closed captions: English, French, German, Spanish and Japanese

De En Es Fr Ja
13m      Intermediate
Managing GDPR Data Breach Notification Requirements with the Resilient Incident Response Platform

Overview

The Resilient Incident Response Platform has been updated to incorporate the new data breach notification requirements of the EU General Data Protection Regulation (GDPR). This video demonstrates these enhancements by walking through how notifications would be handled during a ransomware attack at a hospital where personal data was exposed.

Closed captions: English, French, German, Spanish and Japanese

De En Es Fr Ja
15m      Foundational
Resilient security

Overview

This course reviews key issues in managing security in IBM Resilient. Topics cover a broad range of issues such as how to defang a URL, change ciphers and protocols, how to work with keyvaults, keystores and secrets as well as how to encrypt and backup the keyvault password.

Agenda

    1. Defanging URLs
      • This video demonstrates how to "defang" your URLs in IBM Resilient to help assure users do not inadvertently click on malicious links.
    2. Changing Ciphers and Protocols in IBM Resilient
      • This video demonstrates how to change the ciphers and protocol in IBM Resilient. There is a review of which ciphers and protocols are used by default using the nmap application, followed by a demonstration of which files need to be edited in order to adjust the ciphers and protocols being used.
    3. Keyvaults, Keystores and Secrets
      • This video discusses keyvaults, keystores and secrets within IBM Resilient.
    4. Encrypting the keyvault password
      • This video describes how to encrypt a keyvault password in IBM Resilient. The keyvault password is stored as an unencrypted file by default but can be encrypted using gpg to protect it and decrypted whenever needed.
    5. Backing up the keyvault
      • The keyvault stores all passwords used within IBM Resilient. If the keyvault were lost, it would result in a considerable loss of data. For that reason, the Resilient platform runs a backup of keyvault files to the system database anytime passwords are added or removed and after each system upgrade. This video shows how to use the resutil keyvaultrestore command to restore keyvault files from the system database.


    Duration: 19 minutes

    Closed captions: English, French, German, Spanish and Japanese


    De En Es Fr Ja
    19m      Intermediate
    Initial configuration of the IBM Resilient appliance

    Overview

    This course contains 6 videos that cover various topics important to understand when installing and configuring the IBM Resilient Appliance.



    Agenda
    • Configuring SSL/TSL certificates
    • Importing the Resilient License Key
    • Updating the Resilient Appliance Software
    • Installing optional packages
    • Setting the time zoneSMTP Email configuration
    Closed captions: English, French, German, Spanish and Japanese

    De En Es Fr Ja
    21m      Intermediate
    Getting started with IBM Resilient

    Overview

    Resilient Incident Response Platform is a central hub for incident responses that helps make incident response efficient and compliant. The platform is based on a knowledge base of incident response best practices, industry standard frameworks, and regulatory requirements.

    The Resilient platform implements incident responses through the use of dynamic playbooks. A dynamic playbook is the set of rules, conditions, business logic, workflows and tasks used to respond to an incident. The Resilient platform updates the response automatically as the incident progresses and is modified.
    In this course, you learn the Resilient basic concepts, platform architecture, and will review a demonstration of the installation process.

    Objectives

    • Learn the value of IBM Resilient
    • Review the introduction video to the IBM Resilient platform
    • Learn the IBM Resilient Platform architecture
    • Learn about necessary prerequisites
    • Review the installation process
    • Describe the value of dynamic playbooks
    Closed captions: English, French, German, Spanish and Japanese

    De En Es Fr Ja
    25m      Foundational
    Guardium and Resilient integration: Email Connector

    Overview

    In this video, you will see how to set up IBM Guardium email alerts in an IBM Resilient incident response workflow using the Resilient Email Connector.

    5m      Intermediate
    Click roadmap title to expand/collapse roadmap

    Getting Started with IBM Resilient

    This roadmap is designed to provide an initial introduction to Resilient Incident Response Program.


    Overview and install

    These courses help you to understand how Resilient can be integrated into your environment and provide the tools to get started.
    Introduction to Resilient
    Foundational
    Getting started with IBM Resilient
    Foundational

    On-premises setup

    Learn how to perform the initial configuration to start using Resilient.
    Initial configuration of the IBM Resilient appliance
    Intermediate

    User management and authentication

    Learn how to configure user access
    Setting up alternative authentication mechanisms in the IBM Resilient appliance
    Intermediate
    Managing users and groups in Resilient
    Intermediate

    Common use cases

    Learn about typical scenarios for using Resilient.
    Common Resilient use cases
    Foundational
    Click roadmap title to expand/collapse roadmap

    Resilient Application Administrator/Saas Administrator (Master Administrator)

    These courses teach you how to administer Resilient on both an On premise or SaaS deployment of Resilient SOAR platform


    Managing users

    Managing users and groups in Resilient
    Intermediate
    Resilient - Deleting or Deactivating a User
    Foundational
    Resilient - Deactivate user / Reassign
    Foundational
    Working with Resilient roles
    Foundational
    Resilient - Deleting Roles
    Foundational

    Authentication

    Setting up alternative authentication mechanisms in the IBM Resilient appliance
    Intermediate

    Setting up the ORG

    These courses teach you how to configure the Resilient Organization
    Resilient - Organization Details
    Foundational
    Resilient - Organization Settings
    Foundational
    Resilient - Migrating Organizational Settings
    Foundational
    Resilient - Defanging URLs
    Foundational
    Resilient - Threat Sources Overview
    Intermediate
    Resilient - Notifications and substitution
    Intermediate

    Workspaces

    Working with Resilient workspaces
    Foundational
    Click roadmap title to expand/collapse roadmap

    Playbook Designer/ Developer

    This roadmap instructs the designer in the features available for creating playbooks within Resilient


    Foundations of Design

    These courses teach you how to automate and design the components which make up a playbook in the Resilient SOAR platform.
    Resilient - Modify the New Incident Wizard Layout
    NEW
    Foundational
    Resilient - Reporting Custom Sections / Flags
    Foundational
    Resilient - Delete Incident / Bulk Actions
    NEW
    Foundational
    Resilient - Artifact Relation
    Foundational
    Resilient - Threat Sources Overview
    Intermediate
    Resilient - Notifications and substitution
    Intermediate
    Creating custom graphs in the Resilient application
    NEW
    Intermediate
    Resilient - How To Create Wikis
    Intermediate
    Resilient - Data Tables
    NEW
    Foundational
    Resilient Rules and Workflows
    NEW
    Foundational
    Resilient - Dynamic Playbooks / Rules
    NEW
    Foundational
    Click roadmap title to expand/collapse roadmap

    Security Analyst

    As a Security Analyst you will learn how to manage, use and respond to security events using Resilient playbooks.


    Resilient Security Foundations

    These courses teach you how to investigate and remediate security incidents using Resilient.
    Resilient - Defanging URLs
    Foundational
    Resilient - How To Create Wikis
    Intermediate
    Resilient - Notifications and substitution
    Intermediate
    Creating custom graphs in the Resilient application
    NEW
    Intermediate
    Resilient - Search
    NEW
    Foundational
    Resilient - Reporting Custom Sections / Flags
    Foundational

    Artifacts and Threat Feeds

    These courses will teach you how threat intelligence can perform automatic enrichment for artifacts.
    Resilient - Threat Sources Overview
    Intermediate
    Resilient - Artifact Relation
    Foundational
    Resilient - Creating Custom Artifact Types
    NEW
    Foundational
    Click roadmap title to expand/collapse roadmap

    Privacy Officer

    As a Privacy Officer/ Analyst you will learn how to configure Resilient Privacy and to manage, use and respond to privacy events in your organization.


    Resilient Privacy Foundations

    These courses will teach you how to manage and respond to privacy events using Resilient SOAR platform.
    Managing GDPR Data Breach Notification Requirements with the Resilient Incident Response Platform
    Foundational
    Click roadmap title to expand/collapse roadmap

    Resilient System Administrator (OVA Administrator)

    These courses teach you how to install and configure IBM Resilient on both the OVA and BYORHEL on premise deployments


    Install

    Resilient Prerequisites
    Foundational
    Initial configuration of the IBM Resilient appliance
    Intermediate
    Resilient - Installing via an OVA File
    Intermediate
    Resilient - External Network Configuration
    Foundational

    Configuration

    Resilient security
    Intermediate
    Resilient - Backing up the Keyvault
    Foundational
    Resilient - Encrypting the Keyvault Password
    Intermediate
    Resilient - Keyvaults, Keystores and Secrets
    Foundational

    Logging

    Managing logs in the IBM Resilient appliance
    Intermediate

    Authentication

    Setting up alternative authentication mechanisms in the IBM Resilient appliance
    Intermediate
    Managing users and groups in Resilient
    Intermediate

    Backup and DR

    Resilient - Backing up and Restoring
    Foundational
    Using Resilient disaster recovery health checks
    Intermediate
    Running Resilient disaster recovery playbooks
    Intermediate
    Setting up Resilient disaster recovery
    NEW
    Intermediate